Cisco WAN :: ACL Matches On 6500?
Jun 1, 2013
I've been studying the PFC and MSFC features on the Cisco 6500 and came across a very interesting fact: on a Cisco 6500 switch, ACL entries that are processed in hardware do not show any matches when we use the show access-list "acl name" command. From what I've read so far, I've come across the command to check the ACL hit counters for entries that are processed in hardware.
Below is the ACL counter from Hardware and the Software and I have also attached the entire ACL.
Output 1 (Hardware Matches)
mumbkc02ecc10#sh tcam interface vlan 533 acl in ip all
Displaying interface ACL TCAM entries for module 5
----------------------------------------------------
* Global Defaults not shared
[Code]....
Dec 21, 2011
How can we upgrade 6500 non-modular IOS to normal 6500 IOS?
Mar 29, 2011
I'm receiving about 99% CPU on 6500. But when I go show cpu sorted, I can't see any process taking more than 2% load. My IOS is s72033-ipservicesk9_wan-mz.122-18.SXF13.bin
6500#sh processes cpu sorted | exclude 0.00
CPU utilization for five seconds: 99%/97%; one minute: 99%; five minutes: 99%
PID  Runtime(ms)  Invoked    uSecs  5Sec   1Min   5Min   TTY  Process
114  11136        1772       6284   0.79%  0.13%  0.30%  1    Virtual Exec
6    84386920     6320367    13351  0.71%  0.27%  0.23%  0    Check heaps
123  94861244     849807118  111    0.31%  0.38%  0.39%  0    IP Input
180  10647916     52152600   204    0.07%  0.03%  0.02%  0    CEF process
316  12053884     68553405   175    0.07%  0.21%  0.08%  0    OSPF Router 1
281  31925228     239981938  133    0.07%  0.04%  0.05%  0    Port manager per
213  61331112     213008378  287    0.07%  0.08%  0.09%  0    SNMP ENGINE
37   5577644      36376566   153    0.07%  0.05%  0.02%  0    Per-Second Jobs
Apr 9, 2013
I want to add a WS-X6716-10GE(-3C) module. The type of 6500 is Cisco WS-c6509-e (r7000) processor (revision 1.2). Can I add this module to this type of 6500? Do I need to reset the 6500 in order for the 6500 to receive the module?
Jun 21, 2011
We have got a big problem with our NAM (WS-SVC-NAM-1) - it does not boot. We have got a second one in another chassis. I changed the chassis, and RAM and Flash from the other one. RAM and Flash are OK.
We checked the disc (hardware) with an Ontrack tool - it is OK.
environment: 6500 VSS
sh logging:
Jun 17 13:18:24: SW1_SP: Switch 1 Physical Slot 7 - Module Type LINE_CARD inserted
sm(cygnus_oir_bay slot7), running yes, state wait_til_online
Last transition recorded: (offline)-> empty (remove)-> empty_clr_persist (remove)-> empty (insert)-> may_be_occupied (timer)-> occupied (known)-> can_power_on (yes_power)-> powered_on (real_power_on)-> check_power_on (timer)-> check_power_on (power_on_ok)-> wait_til_online
Mar 17, 2011
What is the equivalent of OTV for 6500 VSS? Currently we are connected over L3 MPLS.
Jul 26, 2012
I have a question with regard to 6500 redundancy. We currently have only one in our DC; it has 2 SUP 720s, two FWSMs, and multiple switchport blades. My question is: is this fully redundant? And if not, what is it that can fail, so I can look into adding that extra layer of redundancy?
Jan 14, 2013
Just like to ask first your inputs about the MTUs needed on our proposed setup. We currently have a large internal network composed of several metro ethernet links. We have different carriers and we all know that they do not always provide L1 connectivity. They sometimes do Q-in-Q or EoMPLS or other technologies that would hide their internal network and appear as a point-to-point ME circuit to customers.
We are planning to create our own MPLS network for our clients so we don't have to leak their networks inside ours and we are trying to avoid the overhead of GRE/IPSEC since we'll be adding a lot of client networks and the overhead is not reasonable. So we just thought of MPLS-VPN to at least reduce the overhead and we don't have to purchase a lot of network devices.
With that said, what is the safest thing to ask the carriers and what settings should I put in our network devices? I am still confused by the differences between MTU, IP MTU, and MPLS MTU.
We also have one circuit running 802.1q instead of using routed-port on the switch. Is 802.1q supported in LDP?
Our internal network is comprised of 6500 switches with Sup720 and Gigabit linecards and we are planning to use 3900 routers as PEs. We all hooked up our ME circuits across the 6500 switches.
Jul 13, 2012
I will be configuring all the MEC links on my 6500 VSS chassis tomorrow morning and there is one thing I am a bit confused about. According to the best practices guide they suggest you configure all etherchannel trunks to be in desirable mode. All the trunks are using LACP active - active right now but that's only to one chassis. Should I change all my MEC etherchannel trunks to desirable mode or just leave them active-active?
Apr 26, 2013
We have a non-Cisco device peering with a Cisco 6500 for BGP. The routing table is fully populated and the connection is good. But after some time we see a BGP hold timer error on the non-Cisco device. This device by default has a hold timer of 90 seconds which is different from the default Cisco hold timer. Will this cause any disruptions to the network? If we change the hold timer on one device to match on both sides, will it reset the BGP session?
Oct 29, 2012
I have 2x 6500 series Catalyst core switches. I configured VSS. All of them are working normally, but I have one problem: some of my server links go down sometimes. I configured the server links as etherchannel. In the etherchannel, not both of the links go down, only one link goes down. These are the modules I used to connect the servers to the core switch: the modules in slots 3 and 7.
May 14, 2012
We currently have the following configuration:
STB_6509#sho mod
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 10 WiSM WLAN Service Module WS-SVC-WISM-1-K9
2 24 CEF720 24 port 1000mb SFP WS-X6724-SFP
5 2 Supervisor Engine 720 (Active) WS-SUP720-3B
[code]....
I would like to add a redundant supervisor blade to the 6509 that is in production. Can this be done plug and play and require no reload? Are all WS-SUP720-3B the same as far as memory etc., or can I buy any used WS-SUP720-3B and it will work properly?
May 13, 2012
We need to get the MIB/OID information for 6500 series switches. In particular, we need to monitor the Gig interface “input & output” traffic rate every second.
Switch model: WS-C6509-E / SUP 720
We tried the below value but are not getting proper output.
MIB:- 1.3.6.1.2.1.2.2.1.10.2
Also we would like to know whether there would be any impact on running the below global command “snmp-server hc poll <in msec>” on a 6500 series switch.
Apr 22, 2013
I see these errors on my 6500 router which acts as my server farm and has hundreds of servers connecting to it. I have just taken over these routers from another guy and think the errors may have been there for quite a while. I have another router which doesn't seem to have these errors. Can you tell me how to turn off netflow? Will it cause any problems to my server farm? Is there a risk to the router if I disable something?
I ask this because the server guys are having problems with certain servers. I am not sure if they are because of this or not. I really would like to clear the logs. [code]
Jun 9, 2013
Come across a problem with BGP logging on 6509-E with 12.2(17r)SX5?
Jan 13, 2012
We have a network between two locations. The WAN is 100 Mbps MPLS provided by a service provider. There is a FWSM module on the core switches. The problem we are facing is that FTP file transfer between two servers across the WAN link never crosses 20 Mbps. The link is 100 Mbps. However, if we do parallel file transfers, each transfer is 20 Mbps. But we don't get a transfer rate above 20 Mbps in a single FTP session. Is there any bottleneck where traffic is getting restricted? Traffic between the two servers passes through the 100 Mbps MPLS WAN link, the 6500 core switch and the FWSM module in the switch.
Dec 5, 2011
We have an issue with our 6500 catalysts.
We are regularly seeing the error above on our cat6500 devices when executing a 'sh run ' command:
We've seen this error for quite some time but the frequency seems to be increasing up to the point where it becomes problematic now because backups and other automated actions are failing regularly.
We don't see multiple processes with the command "sh config lock" at that time. But when we do a "sh users", we can sometimes see multiple users.
I suppose it is possible for multiple users to log on at the same time, but not make changes at the same time.
We are using IOS s72033-ipservicesk9_wan-mz.122-33.SXI7.bin. It seems that all switches with these IOSes have the problem. But in the bug toolkit I can't find any reference to a bug...
May 4, 2011
Two days ago, a brilliant guy inserted a different IOS in a Cisco Catalyst 6500 and erased the original IOS. I have twice downloaded the original IOS by xmodem (too much time!) and both times, when I reload the 6500, it doesn't work. I have the following message:
loadprog: bad file magic number: 0x0
boot:cannot load "bootdisk:s72033-ipservicesk9_wan-mz.122-18.SXF11.bin"
Second time, when the ios uploaded, I checked the sup-bootdisk: and the flashboot: and both have the wrong ios listed, but it wasn't there: I've tried to delete it and squeeze it, but had a message saying "can't delete because the ios is not there" or something like this. I finished formatting both (flashboot: and sup-bootdisk:), tftp the ios, double-checked the bootloader, compared with other identical 6500 and reloaded again, just to find the same message I've written before.
Supervisor 720 PFC3B. Slots for disk0 and disk1 are broken or I can't read them from the rommon.
Apr 27, 2013
I've ISE v1.1.2.145 and Cat 6500 IOS ADVENTERPRISEK9-M, Version 15.0(1)SY2
I'm trying to add 6500 in the trustsec group with ISE and followed the trustsec 2.1 documentation. After configuring it keeps on giving me error in the ISE logs below with the subject #CTSREQUEST#
11302 Received Secure RADIUS request without a cts-pac-opaque cisco-av-pair attribute
Below are the steps:
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
15012 Selected Access Service - NDAC_SGT_Service
11302 Received Secure RADIUS request without a cts-pac-opaque cisco-av-pair attribute
Also, after I configure the cts credentials and radius-server pac command in the 6500, it starts giving me log messages that radius is down and the next moment it comes up again. It is continuously doing that.
Apr 26, 2011
Cisco 6500 Sup720-3B SPA IOS SXI - GRE tunnel will not come up. It worked fine on SXF code, but the crypto map cannot be applied on the tunnel interface. The ISAKMP is up with QM_IDLE. The crypto gives it a Crypto UP, then the tunnel does not come up. It is UP down. Does someone have a working config with a 6500 IOS SXI train with GRE IPSEC tunnel?
Jul 20, 2009
Have a 6500 using the VPN SPA with IPsec tunnels. The plan is to migrate all tunnels over to DMVPN. When we configure the mGRE tunnel and bring it up, all the other tunnels slowly drop. As soon as we shut down the mGRE tunnel, all other tunnels come up. We have a tunnel key set for the mGRE tunnel. The only limitations I could find were that we only source 1 mGRE tunnel from an interface; I could not find anything about sharing an interface with p3p tunnels. Is it possible to source an mGRE tunnel and p3p tunnel from the same interface?
Jun 21, 2012
We are facing an issue with the NAM3. Version: 5.1(2-patch4)
We cannot log in using the GUI. When we try to log in we get the following warning:
Initializing database. Please wait until initialization process finishes. (see attachment)
We have rebooted the NAM3 module but the issue is not solved. The NAM3 module is running on a 6500 Series Switch (Cisco Catalyst 6500 Series Network Analysis Module (NAM-3)).
Jun 19, 2011
6504 Sup720 ---- Dot1q Trunk ---- 6504 Sup720
VPN SPA VLAN 20,30                VPN SPA VLAN 20,30
Normal VLAN 10,40                 Normal VLAN 10,40
Every 18-24 hours the 6500s go to 100% CPU - the workaround is to reboot one of the switches. Then they will run 18-24 hours. The fix was to only trunk VLAN 10,40 (networks that needed to see each other) between the switches. If the VLANs of the VPN SPA were trunked, every 18-24 hours the 6500s would go to 100% CPU. Simple design, GRE IPSEC tunnels that work fine and the latest SXI code. It appears that if you trunk the VPN SPA trunks and they are the same VLAN, it goes into some kind of bridging loop. No errors. Just unresponsive.
Apr 10, 2012
I have the next config of radius authentication:
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa session-id common
ip radius source-interface Vlan31 vrf LEGACY
[Code] .....
Jul 2, 2012
I have a Cisco Catalyst 6500 with IOS Version 12.2(17r)SX5. I need real-time monitoring of a failed interface, to shut it administratively down and after 5 minutes "no shutdown" it. I think it is a good idea to use Cisco EEM for this task. My algorithm is below:
1. EEM script is looking for event about failed interface.
2. EEM script is shutting interface down.
3. EEM script is waiting 5 minutes.
4. EEM script is enabling interface.
I know how to configure EEM for steps 1, 2 and 4, but step 3 I do not.
May 9, 2012
We have Cisco ACE 30 modules installed in Cisco 6500 switches. For application availability from the internet, we need to have some global site selector/3rd party devices with a feature set similar to that of Cisco GSS.
Is Cisco ACE compatible to get integrated with other 3rd party devices like F5 GTM?
Feb 19, 2013
My company is planning to get the full BGP table from our providers. We have multiple egress providers; in order to load balance we are looking for a full table from all of them. What would be the minimum requirements? We have all edges as 6500 with Sup 720. Are there any memory requirements that need to be upgraded?
Jan 31, 2013
I just got a new WiSM2 to work and I'm missing the second controller on a 6500. The session slot 12 processor 1 command brings me to the logon screen, but session slot 12 processor 2 ends with an error. Am I right that the new WiSM2 has/is only one controller, other than the 'old' WiSM which has processor 1 and 2?
Feb 21, 2012
I am trying to convert a QoS policy on 6500 CAT to IOS as below.
1 - Getting an error when I try to apply it on the interface.
2 - How can I apply both in one policy map, because the IOS converter puts them into two policy maps?
CAT
set qos policer aggregate Limit_WSUS rate 4000 policed-dscp erate 4000 drop burst 1000 eburst 1000
set qos policer aggregate Limit_SCCM rate 4000 policed-dscp erate 4000 drop burst 1000 eburst 1000
clear qos acl all
#WSUS
set qos acl ip WSUS dscp 0 aggregate Limit_WSUS ip host 172.16.9.3 any
set qos acl ip WSUS dscp 0 aggregate Limit_SCCM ip host 172.16.10.5 any
[code]....
Sep 4, 2011
We have a Cisco 6500 running the following image;
Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICES_WAN-M), Version 12.2(33)SXH4, RELEASE SOFTWARE (fc1)
We are attempting to configure Netflow and export to a collector. We have the following configuration applied to the device; we can ping from within the VRF to the destination of the flow collector.
ip flow-cache timeout active 1
ip flow ingress layer2-switched vlan 1,800-801,803,821-823,861-862,871,900,998,1100-1107,1121,1200,1221,1301-1302,1321-1322
mls netflow interface
mls flow ip interface-full
ip flow-export version 5(code)
However, we do not receive the flows on the collector. We can see the flows for both hardware and software but cannot see them at the collector.
Jun 29, 2011
A customer observes SNMP timeout problems on a Cat6500 with IOS 12.2(33)SXI. As a result every 2 days (more or less) all interfaces are marked DOWN and a couple of minutes later all interfaces are up again - but in fact there is no interruption, it is just the SNMP request getting a timeout. The customer does not have problems with IOS 12.2(18)SXF14.
In the Bug Details the "Known affected versions" lists the following beside others:
12.2(33)SXI
12.2(33)SXI1
12.2(33)SXI2
[code]...
Now I am confused; both IOS versions are listed as affected (12.2(33)SXI and 12.2(18)SXF14) but the customer has problems with only one version. Is the customer hitting this bug or is it another one?
He upgraded 2 Cat65xx on which he observed the problem to IOS 12.2(33)SXI6 and the problem is gone; is this just a coincidence or is CSCed52841 really fixed in 12.2(33)SXI6? This version is not listed as affected but on the other hand, "Fixed-In" lists only these 3:
12.1(22.3)E1
12.2(17d)SXB5
12.2(18)SXD
Before going to upgrade around 50 Core / Distribution switches the customer wants to be sure with the IOS version. Tracing the issue is not that easy because the failure occurs only from time to time.
Jul 9, 2012
I have 2 6500 Core switches in VSS configuration. Redundant VSL links are configured between them in below fashion.
Te1/5/4 of switch1 is connected to Te2/5/4 of switch2 in Portchannel1 which is up. Te1/5/5 of switch1 is connected to Te2/5/5 of switch2 in Portchannel2 which is down.
My "show interface Te5/5", "show int status" and "sh int te1/5/5 transceiver" show the SFP is detected but the port is down at both Layer 1 and 2. I see light coming from Rx and Tx of the SFP modules and cables.
Jul 19, 2011
Our customer wants load-balance across unequal circuits due to the primary link being saturated. Primary link is 10Mb and backup is 4mb (multilink 2 x 2Mb).
I have tried implementing this using ‘variance’ under EIGRP on the 6500 switch but can’t seem to get both WAN routes in the routing table - unless I use the same metric on the route-maps we use for redistribution – e.g. set metric 10000 100 255 1 1500
If I do this the 6500 sees both routes but I’m concerned too much traffic will go via the lower speed link causing more problems. I have adjusted the delay under redistribution to make the 4Mb less preferred and I see this under ‘show ip eigrp top’ and thought the ‘variance’ command on the 6500 switch would work. But no matter what I set variance to it still doesn’t enter the less preferred route in the routing table.
Topology is as follows:
      |----2800---WAN (10Mb)
6500--|
      |----3640---WAN (4Mb)
We use BGP on the WAN and redistribute into EIGRP on the LAN using route maps as follows:
2800 (10Mb)
router eigrp 5555
redistribute bgp 888 metric 10000 200 255 1 1500 route-map bgp-eigrp
no auto-summary
router bgp 888
[Code]....